North Korean Malware Hidden in Video Games Used to Launch DDoS Attacks

A report from earlier this week claims that intelligence agents in North Korea managed to export malware-laden video games into South Korea for the express purpose of launching distributed denial of service attacks. If true, this is a remarkable scam, one that will probably make Korean gamers think twice about their purchases.

The Korea JoongAng Daily reports that a South Korean video game distributor — identified only by his surname “Jo” — traveled to Shenyang, China, in 2009. There, officials claim that Jo knowingly met with members of North Korea’s Reconnaissance General Bureau and asked them to develop games which he could distribute in South Korea. The report says that Jo purchased “dozens of computer game software for tens of millions of won,” apparently 1/3 the normal price.

South Korean officials claim that Jo knew that these games were packed to the gills with malware, but brought them back to South Korea anyway. Though the report is vague on this point, it seems that Jo was operating online games with over 100,000 total users. The exact methodology is unclear, but the report does say that the malware latched on to the computers of online gamers and used them to launch DDoS attacks. Specifically, officials claim, the attacks targeted Incheon International Airport in South Korea, which fended off several attacks in March of last year.

The tense relations between the two countries may be coloring the facts somewhat; for instance, it seems just as likely as not that Jo wasn’t aware that the games contained malware. Also, the report does not explain how South Korean authorities were able to connect Jo’s games to the Incheon Airport attacks.

What is very interesting here is the distribution of the malware. Rather than rely on shady websites or cracked copies to move nasty software around, this method appears to have inserted itself into the world of legitimate commerce. Like the story behind the use of Stuxnet against Iran, it demonstrates how cyberwarfare doesn’t always need tricky delivery methods — just a few people to introduce tainted software.

If true, the North Korean malware scheme might also deftly make use of South Korea’s fondness for video game cafes.

Though “cyberwar” may be an excruciatingly silly name, it seems that it is poised to become a much larger part of how nations interact with one another. This is the future, folks: Drone wars and malware attacks, bringing us closer each day to living in a William Gibson novel.